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1. Topic 1, Litware 


Existing Environment 

Network Environment 

The manufacturing and research datacenters connect to the primary datacenter by using a VPN. 

The primary datacenter has an ExpressRoute connection that uses both Microsoft peering and private 
peering. The private peering connects to an Azure virtual network named HubVNet. 


Identity Environment 
Litware has a hybrid Azure Active Directory (Azure AD) deployment that uses a domain named 
litwareinc.com. All Azure subscriptions are associated to the litwareinc.com Azure AD tenant. 


Database Environment 

The sales department has the following database workload: 

- An on-premises named SERVER‘ hosts an instance of Microsoft SQL Server 2012 and two 1-TB 
databases. 

- A logical server named SalesSrv01A contains a geo-replicated Azure SQL database named 
SalesSQLDb1. SalesSQLDb1 is in an elastic pool named SalesSQLDb1Pool. SalesSQLDb1 uses 
database firewall rules and contained database users. 

- An application named SalesSQLDb1App1 uses SalesSQLDb1. 


The manufacturing office contains two on-premises SQL Server 2016 servers named SERVER2 and 
SERVERS. The servers are nodes in the same Always On availability group. The availability group 
contains a database named ManufacturingSQLDb1 


Database administrators have two Azure virtual machines in HubVnet named VM1 and VM2 that run 
Windows Server 2019 and are used to manage all the Azure databases. 


Licensing Agreement 
Litware is a Microsoft Volume Licensing customer that has License Mobility through Software Assurance. 


Current Problems 
SalesSQLDb1 experiences performance issues that are likely due to out-of-date statistics and frequent 
blocking queries. 


Requirements 

Planned Changes 

Litware plans to implement the following changes: 

- Implement 30 new databases in Azure, which will be used by time-sensitive manufacturing apps that 
have varying usage patterns. Each database will be approximately 20 GB. 

- Create a new Azure SQL database named ResearchDB1 on a logical server named ResearchSrv01. 
ResearchDB1 will contain Personally Identifiable Information (PII) data. 

- Develop an app named ResearchApp1 that will be used by the research department to populate and 
access ResearchDB1. 
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- Migrate ManufacturingSQLDb1 to the Azure virtual machine platform. 
- Migrate the SERVER1 databases to the Azure SQL Database platform. 


Technical Requirements 

Litware identifies the following technical requirements: 

- Maintenance tasks must be automated. 

- The 30 new databases must scale automatically. 

- The use of an on-premises infrastructure must be minimized. 

- Azure Hybrid Use Benefits must be leveraged for Azure SQL Database deployments. 

- All SQL Server and Azure SQL Database metrics related to CPU and storage usage and limits must be 
analyzed by using Azure built-in functionality. 


Security and Compliance Requirements 

Litware identifies the following security and compliance requirements: 

- Store encryption keys in Azure Key Vault. 

- Retain backups of the PII data for two months. 

- Encrypt the PII data at rest, in transit, and in use. 

- Use the principle of least privilege whenever possible. 

- Authenticate database users by using Active Directory credentials. 

- Protect Azure SQL Database instances by using database-level firewall rules. 

- Ensure that all databases hosted in Azure are accessible from VM1 and VM2 without relying on public 
endpoints. 


Business Requirements 

Litware identifies the following business requirements: 

- Meet an SLA of 99.99% availability for all Azure deployments. 

- Minimize downtime during the migration of the SERVER1 databases. 

- Use the Azure Hybrid Use Benefits when migrating workloads to Azure. 
- Once all requirements are met, minimize costs whenever possible. 


HOTSPOT 

You need to recommend the appropriate purchasing model and deployment option for the 30 new 
databases. The solution must meet the technical requirements and the business requirements. 

What should you recommend? To answer, select the appropriate options in the answer area. NOTE: Each 
correct selection is worth one point. 
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Purchasing model: Ww 


Azure virtual machine reserved instances 
DTU 
vCore 


Deployment option: 
An Azure SQL Database elastic pool 
An Azure SQL Database managed instance 
A SQL Server Always On availability group 


Answer: 
Purchasing model: Yv 

Azure virtual machine reserved instances 
DTU 
vCore 

Deployment option: Vv 
An Azure SQL Database elastic pool 
An Azure SQL Database managed instance 
A SQL Server Always On availability group 

Explanation: 

Box 1: DTU 

Scenario: 


c® The 30 new databases must scale automatically. 

cœ Once all requirements are met, minimize costs whenever possible. 

You can configure resources for the pool based either on the DTU-based purchasing model or the 
vCore-based purchasing model. 

In short, for simplicity, the DTU model has an advantage. Plus, if you’re just getting started with Azure 
SQL Database, the DTU model offers more options at the lower end of performance, so you can get 
started at a lower price point than with vCore. 

Box 2: An Azure SQL database elastic pool 

Azure SQL Database elastic pools are a simple, cost-effective solution for managing and scaling multiple 
databases that have varying and unpredictable usage demands. The databases in an elastic pool are on 
a single server and share a set number of resources at a set price. Elastic pools in Azure SQL Database 
enable SaaS developers to optimize the price performance for a group of databases within a prescribed 
budget while delivering performance elasticity for each database. 


2.DRAG DROP 

You create all of the tables and views for ResearchDB1. 

You need to implement security for ResearchDB1. The solution must meet the security and compliance 
requirements. 


4/12 


The safer , easier way to help you pass Microsoft DP-300 exam. 


Which three actions should you perform in sequence? To answer, move the appropriate actions from the 


list of actions to the answer area and arrange them in the correct order. 


Actions Answer Area 


| Run the Always Encrypted wizard. 


Create an Azure Key Vault instance and 
| generate a secret. 


Create an Azure Key Vault instance and | 
configure an access policy. 


| Create an Azure AD managed identity. 


Register ResearchApp1 to Azure AD. 


Answer: 
Actions Answer Area 
| Run the Always Encrypted wizard. Register ResearchApp1 to Azure AD. 


Create an Azure Key Vault instance and | Create an Azure Key Vault instance and 
| generate a secret. configure an access policy. 


i 


| Create an Azure Key Vault instance and | | Run the Always Encrypted wizard 
| configure an access policy. | . 


| Create an Azure AD managed identity. 


| Register ResearchApp1 to Azure AD. 


Explanation: 
Graphical user interface, text, application 
Description automatically generated 


3.HOTSPOT 

You are planning the migration of the SERVER1 databases. The solution must meet the business 
requirements. 

What should you include in the migration plan? To answer, select the appropriate options in the answer 
area. NOTE: Each correct selection is worth one point. 
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Answer Area 


Azure Database Migration v 


Service pricing tier: |Standard 2-vCore 
Standard 4-vCore 


Premium 4-vCore 


Required Azure resource: 
A virtual network that has service endpoints 
A VPN gateway 
An Azure Logic app 


Answer: 


Answer Area 


Azure Database Migration v 


Service pricing tier: |Standard 2-vCore 
Standard 4-vCore 
Premium 4-vCore 


Required Azure resource: 
A virtual network that has service endpoints 


AVPN gateway 
An Azure Logic app 


Explanation: 

Azure Database Migration service 

Box 1: Premium 4-VCore 

Scenario: Migrate the SERVER1 databases to the Azure SQL Database platform. 

œ Minimize downtime during the migration of the SERVER1 databases. 

Premimum 4-vCore is for large or business critical workloads. It supports online migrations, offline 
migrations, and faster migration speeds. 


4.HOTSPOT 

You need to implement the monitoring of SalesSQLDb1. The solution must meet the technical 
requirements. 

How should you collect and stream metrics? To answer, select the appropriate options in the answer area. 
NOTE: Each correct selection is worth one point. 
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Answer Area 


Collect metrics from: 


The database only 
The elastic pool and the database 


The elastic pool only 
The server, the elastic pool, and the database 


Stream metrics to: v 


Azure Event Hubs 
Azure Log Analytics 


Azure Storage 

Answer: 

Answer Area 

Collect metrics from: Vv 
The database only 
The elastic pool and the database 
The elastic pool only 
The server, the elastic pool, and the database 
Stream metrics to: Yv 

Azure Event Hubs 
Azure Log Analytics 
Azure Storage 

Explanation: 

Box 1: The server, the elastic pool, and the database 

Senario: 


SalesSsQLDb1 is in an elastic pool named SalessQLDb1Pool. 

Litware technical requirements include: all SQL Server and Azure SQL Database metrics related to CPU 
and storage usage and limits must be analyzed by using Azure built-in functionality. 

Box 2: Azure Event hubs 

Scenario: Migrate ManufacturingSQLDb1 to the Azure virtual machine platform. 

Event hubs are able to handle custom metrics. 


5.DRAG DROP 


You need to configure user authentication for the SERVER1 databases. The solution must meet the 
security and compliance requirements. 
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Actions Answer Area 


Create a user in the master database 


Modify the Azure SQL server 
administrator account 


Create contained database users 


Create an Azure AD administrator for 
the logical server 


Connect to the databases by using an 
Azure AD account 


Enable the contained database 
authentication option 


Answer: 


Actions Answer Area 


Create an Azure AD administrator for 
the logical server 


Create a user in the master database 


Modify the Azure SQL server 
administrator account 


Create contained database users 


Connect to the databases by using an 
Azure AD account 


Create contained database users 


Create an Azure AD administrator for 
the logical server 


Connect to the databases by using an 
Azure AD account 


Enable the contained database 
authentication option 


Explanation: 
Scenario: Authenticate database users by using Active Directory credentials. 
The configuration steps include the following procedures to configure and use Azure Active Directory 
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authentication. 

c® Create and populate Azure AD. 

c® Optional: Associate or change the active directory that is currently associated with your Azure 
Subscription. 

c® Create an Azure Active Directory administrator. (Step 1) 

c® Configure your client computers. 

c® Create contained database users in your database mapped to Azure AD identities. (Step 2) 
c® Connect to your database by using Azure AD identities. (Step 3) 


6.You need to implement authentication for ResearchDB1. The solution must meet the security and 
compliance requirements. 

What should you run as part of the implementation? 

A. CREATE LOGIN and the FROM WINDOWS clause 

B. CREATE USER and the FROM CERTIFICATE clause 

C. CREATE USER and the FROM LOGIN clause 

D. CREATE USER and the ASYMMETRIC KEY clause 

E. CREATE USER and the FROM EXTERNAL PROVIDER clause 

Answer: E 

Explanation: 

Scenario: Authenticate database users by using Active Directory credentials. (Create a new Azure SQL 
database named ResearchDB1 on a logical server named ResearchSrv01.) 

Authenticate the user in SQL Database or SQL Data Warehouse based on an Azure Active Directory user: 
CREATE USER [Fritz@contoso.com] FROM EXTERNAL PROVIDER; 

Reference: https://docs.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql 


7.You are evaluating the business goals. 

Which feature should you use to provide customers with the required level of access based on their 
service agreement? 

A. dynamic data masking 

B. Conditional Access in Azure 

C. service principals 

D. row-level security (RLS) 

Answer: D 

Explanation: 

Reference: 
https://docs.microsoft.com/en-us/sql/relational-databases/security/row-level-security?view=sql-server-ver 
15 


8.HOTSPOT 

You need to recommend a configuration for ManufacturingSQLDb1 after the migration to Azure. The 
solution must meet the business requirements. 

What should you include in the recommendation? To answer, select the appropriate options in the answer 
area. NOTE: Each correct selection is worth one point. 
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Answer Area 


Quorum model: 
Cloud witness 


Disk witness 
File share witness 


Azure resource for the availability 


Vv 
group listener: Azure Application Gateway | 
Azure Basic Load Balancer | 
Answer: 

Yv 


Answer Area 


Quorum model: 


Cloud witness 


Disk witness 
File share witness 


Azure resource for the availability 


v 
group listener: Azure Application Gateway | 
Azure Basic Load Balancer 


Explanation: 

Scenario: Business Requirements 

Litware identifies business requirements include: meet an SLA of 99.99% availability for all Azure 
deployments. 

Box 1: Cloud witness 

If you have a Failover Cluster deployment, where all nodes can reach the internet (by extension of Azure), 
it is recommended that you configure a Cloud Witness as your quorum witness resource. 

Box 2: Azure Basic Load Balancer 

Microsoft guarantees that a Load Balanced Endpoint using Azure Standard Load Balancer, serving two or 
more Healthy Virtual Machine Instances, will be available 99.99% of the time. 

Note: There are two main options for setting up your listener: external (public) or internal. The external 
(public) listener uses an internet facing load balancer and is associated with a public Virtual IP (VIP) that 
is accessible over the internet. An internal listener uses an internal load balancer and only supports 
clients within the same Virtual Network. 
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9.You need to identify the cause of the performance issues on SalesSQLDb1. 

Which two dynamic management views should you use? Each correct answer presents part of the 
solution. NOTE: Each correct selection is worth one point. 

A. sys.dm_pdw_nodes_tran_locks 

B. sys.dm_exec_compute_node_errors 

C. sys.dm_exec_requests 

D. sys.dm_cdc_errors 

E. sys.dm_pdw_nodes_os_wait_stats 

F. sys.dm_tran_locks 

Answer: A,E 

Explanation: 

SalesSQLDb1 experiences performance issues that are likely due to out-of-date statistics and frequent 
blocking queries. 

A: Use sys.dm_pdw_nodes_tran_locks instead of sys.dm_tran_locks from Azure Synapse Analytics (SQL 
Data Warehouse) or Parallel Data Warehouse. 

E: Example: 

The following query will show blocking information. 

SELECT 

t1.resource_type, 

t1.resource_database_id, 

t1.resource_associated_entity_id, 

t1.request_mode, 

t1.request_session_id, 

t2.blocking_session_id 

FROM sys.dm_tran_locks as t1 

INNER JOIN sys.dm_os_waiting_tasks as t2 

ON t1.lock_owner_address = t2.resource_address; 

Note: Depending on the system you’re working with you can access these wait statistics from one of three 
locations: 

sys.dm_os_wait_stats: for SQL Server 

sys.dm_db_wait_stats: for Azure SQL Database 

sys.dm_pdw_nodes_os_wait_stats: for Azure SQL Data Warehouse 

Reference: 
https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-tr 
an-locks-transact-sql 


10.What should you do after a failover of SalesSQLDb1 to ensure that the database remains accessible 
to SalesSQLDb1App1? 

A. Configure SalesSQLDb1 as writable. 

B. Update the connection strings of SalesSQLDb1App1. 

C. Update the firewall rules of SalesSQLDb1. 

D. Update the users in SalesSQLDb1. 

Answer: C 

Explanation: 
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Scenario: SalesSQLDb1 uses database firewall rules and contained database users. 


11.You need to provide an implementation plan to configure data retention for ResearchDB1. 
The solution must meet the security and compliance requirements. 

What should you include in the plan? 

A. Configure the Deleted databases settings for ResearchSrvOL 

B. Deploy and configure an Azure Backup server. 

C. Configure the Advanced Data Security settings for ResearchDBL 

D. Configure the Manage Backups settings for ResearchSrvOL 

Answer: D 

Explanation: 

Reference: 
https://docs.microsoft.com/en-us/azure/azure-sql/database/long-term-backup-retention-configure 


12.You need to recommend a solution to ensure that the customers can create the database objects. The 
solution must meet the business goals. 

What should you include in the recommendation? 

A. For each customer, grant the customer ddl_ admin to the existing schema. 

B. For each customer, create an additional schema and grant the customer ddl_ admin to the new 
schema. 

C. For each customer, create an additional schema and grant the customer db_writerto the new schema. 
D. For each customer, grant the customer db_writerto the existing schema. 

Answer: D 
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